gpg-agent forwarding

Werner Koch wk at gnupg.org
Thu Nov 6 15:40:13 CET 2014


On Thu,  6 Nov 2014 14:25, peter at digitalbrains.com said:

> How would this be implemented? I can think of two options: a TCP port,
> forwarded by PuTTY, and an SSH subsystem.

OpenSSH has socket forwarding and that is what I was thinking about.
Similar to a subsystem it uses a channel on the ssh connection for the
transport.  Assuming that OpenSSH is running on the server, what we need
is a limited client side implementation of socket forwarding in PuTTY;
PuTTY would then translate that to a Windows IPC mechanism (e.g. local
TCP+nonce) and gpg-agent can immediately use it.

In fact I plan to add an option to gpg-agent to open a second listening
socket which can be used for such forwarding.  Connections via that
socket would be restricted in that not all gpg-agent features are
available (e.g. no passphrase cache).

> A TCP port is accessible by anyone. Even when you restrict it to
> localhost, this exposes it to any other user on a multi-user system.

Only to those who have the permissions to switch the socket into
promiscuous mode to run tcpdump.  That is usually only root.  Even on
Windows, other users can't tap an established TCP connection.  To prevent
other users from connecting to a listening socket, we use a nonce taken
from a file; that file is protected by the usual file system permissions.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.
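The "local TCP+nonce" scheme described in the message above, as an added illustration in Python (not code from this thread or from GnuPG itself): the listener binds a loopback port, writes the port number and a random nonce to a file that only its owner can read, and admits a connection only if the client presents that nonce first, so the file permissions rather than the TCP port decide who may talk to the agent. The file name S.gpg-agent, the port/newline/nonce layout and the 16-byte nonce length are assumptions made for this example.

```python
import hmac
import os
import secrets
import socket
import tempfile
import threading

NONCE_LEN = 16  # assumption: 16 random bytes written after the port number

def create_listener(socket_file):
    """Bind a loopback listener; store port, newline and nonce in an owner-only file."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: the OS picks a free local port
    srv.listen(1)
    port = srv.getsockname()[1]
    nonce = secrets.token_bytes(NONCE_LEN)
    fd = os.open(socket_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:      # 0600: the file, not the port, is the access control
        f.write(b"%d\n" % port + nonce)
    return srv, nonce

def serve_one(srv, nonce):
    """Accept one connection; admit it only if its first bytes equal the nonce."""
    conn, _ = srv.accept()
    with conn:
        if hmac.compare_digest(conn.recv(NONCE_LEN), nonce):  # constant-time compare
            conn.sendall(b"OK\n")
            return True
        return False                    # wrong or missing nonce: close without a reply

def connect(socket_file, nonce_override=None):
    """Client side: read port and nonce from the file, connect, present the nonce."""
    with open(socket_file, "rb") as f:
        port_line, nonce = f.read().split(b"\n", 1)
    with socket.create_connection(("127.0.0.1", int(port_line))) as c:
        c.sendall(nonce if nonce_override is None else nonce_override)
        return c.recv(16)               # b"OK\n" if admitted, b"" if the listener hung up

def round_trip(bad_nonce=None):
    """One listener/client exchange; returns (admitted_by_server, reply_seen_by_client)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "S.gpg-agent")   # constructed path for the demo
        srv, nonce = create_listener(path)
        verdict = []
        t = threading.Thread(target=lambda: verdict.append(serve_one(srv, nonce)))
        t.start()
        reply = connect(path, bad_nonce)         # a caller without read access to the
        t.join()                                 # file cannot even learn the port
        srv.close()
        return verdict[0], reply
```

`round_trip()` returns `(True, b"OK\n")`, while `round_trip(b"\x00" * NONCE_LEN)` (a client that found the port but not the nonce) returns `(False, b"")`.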